Hi,
I do not expect to use EAP, so the certs are only to connect to the ldap servers. I'm new to openssl, but I did manage to find the syntax for reading the PEM crt file with -noout -text, and it give me the certificate data.
okay
The directory that I pointed to were the one that bootstrap automatically created. Do I need to create new certificates for the ldap lookup (if so is there a guide some where)?
err, yes. those certs made by bootstrap are SSL certs for the EAP part of the server - for clients to talk to your RADIUS server. for you to use LDAP with TLS, you will need to get a copy of the CA file for the CA that signs your LDAP server.... you can then also get a copy of the LDAP cert if you wish to set it - though I think that can be automatically provisioned in the TLS setup should you not wish to be paranoid
What is required (eg. key = values etc) in order to do a secure LDAP lookup in a remote AD. I would also like (for testing) to ensure that the ldap lookup does not try to validate the ldap server certificate I assume that "require_cert" does this for me?
as above...get a copy of the CA file that signs the LDAP/AD server and get a copy of the LDAP server cert. the stuff you've configured is for EAP server component alan